Got Phishing Hooks? What You Need to Know about COMB

Adam Levin
2 min readFeb 8, 2021

You may have heard about the mother of all data breaches over the past couple of days. More than 3.2 billion email-password pairs were posted online. That’s bigger than the Yahoo compromise last year, which exposed a billion users.

The trove is being dubbed COMB, short for Compilation of Many Breaches. The name explains the situation fairly well. There’s no real news here. The posting of COMB is really only meaningful if you’re an identity thief, since it provides a great one-stop-shopping experience for every stripe of identity-related crime.

Why It Matters:

The COMB post is just in time for opening day of fishing season, which starts of course on April Fool’s Day. Of course when it comes to getting hacked, phishing season is year-round.

The specific hooks right now are:

If you prepare your own taxes and you’re not using two-factor authentication on the service that you use, this is the year to set it up. The IRS now allows anyone to get a PIN code to securely file a return. Get yours as soon as possible.

There is nothing more romantic than meeting Mr. or Ms. Right on Valentine’s Day. During Covid that is most likely going to happen online. A catfisher with your email address might be able to lure you into a kind of “love” that costs you bigtime. Be extra careful.

With news of more transmissible strains of Covid-19 circulating, many scams could be afoot, ranging from vaccines, PCR and rapid testing information to contact tracing. Take your time with any emails about Covid-19. Think before you click.

Because the vaccine rollout has been anything but orderly, there’s a flood of vaccine related phishing emails going around. Be especially careful with any email about vaccination. If you are unsure about an email, it is a good idea to err on the side of caution. Online resources are the best place to get vaccine information.

COMB truly is the Wikipedia of all breaches and compromise. But while this warehouse approach to breach data makes phishing and other modes of targeting people convenient, you’re not any more exposed than you were before the revelation of this database. It’s all been “out there” a very long time.

The bottom line here is that If you’re like most people, your cyber hygiene could use some leveling up. At the very least, you should start paying extra attention to breach notifications, stop re-using passwords and choose new harder-to-guess credentials, enable two-factor authentication wherever possible and update your security software whenever a new patch is released.

Originally published at on February 8, 2021.